Wednesday, January 1, 2014

Free VPS 1GB RAM Xen / Openvz 24 Hours Trial

Xen VPS - Solusvm Panel - USA
CPU - 2.5Ghz x 8 ( Dual L 5520 )
Ram - 1GB
HDD - 50GB
Bandwidth - 1Tb on 1Gbps Port
Available OS templates - Windows 2003, Windows 2008, Windows 2008 R2, Centos, Fedora, Ubuntu
(Windows licence not included; use your own key)

Order Now http://lankapartnerhost.com/cart.php?a=add&pid=92

OpenVz VPS - Solusvm Panel - Romania
CPU - 3.2Ghz x 4 ( E3 1220 )
Ram - 1GB
HDD - 50GB
Bandwidth - 1Tb on 1Gbps Port
Available OS templates - Centos, Fedora, Ubuntu

Order Now http://lankapartnerhost.com/cart.php?a=add&pid=53

Place an order and stop at the payment stage. Enter freevps in the Notes / Additional Information box and we will activate it for 3 hours free.
You can pay and continue after 24 hours if you are satisfied with the service.
Use coupon code "freevps" to get 30% off for life

Tuesday, August 27, 2013

Tutorial to Secure your VPS using IPTables

In this how-to we will show you how to secure your VPS using IPTables. When you host a server on the internet, dedicated or a VPS, you need to constantly be aware of security. Blocking unwanted access to services is a good start and that is where IPTables comes in. IPTables is a powerful host-based firewall. You can do a lot more than just permit access based on ports or source and destination IP addresses. You can do NAT or throttling as well. We will save those last few for a more advanced how-to. The first thing we need to do, obviously, is install the packages.

Install IPTables Package

 yum install iptables

Now to define a rule base. You need to stop here for a minute and think: what services do you need to be reachable on this host? Is it a web server? Then ports 443 and 80 should suffice. But if you are running a mail server you may need port 25 as well. You also need to determine if you will respond to ping, because ICMP needs to be tightened up. Then you need to think about established connections and internal loopback connections. You want all that to work as well. Then again, you still need to be able to access your server, so you will need port 22 for SSH.
We will use all these ports and protocols as an example. You can add or remove ports as needed for your setup.

Configure IPTables Rules

# Accept traffic from internal interfaces (anything that is not eth0, e.g. loopback)
iptables -A INPUT ! -i eth0 -j ACCEPT
# Accept traffic with the ACK flag set
# (stateless match: it also admits unsolicited ACK packets to any port and is
# redundant with the ESTABLISHED rule below, so consider leaving it out)
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
iptables -A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
iptables -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
iptables -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
iptables -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
iptables -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow connections to our SSH server
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Respond to pings
iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
# Allow connections to webserver
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow SSL connections to webserver
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Allow connections to SMTP server for mail delivery
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# Drop everything that did not match a rule above. Without this the ACCEPT
# rules block nothing. Set it last so the SSH rule is already in place.
iptables -P INPUT DROP

# Save the rules so they are restored when the service starts
/etc/init.d/iptables save

Now you have a basic rulebase built but you still need to start the firewall. You also want to start IPTables on boot so you need to enable it.

Configure Services

 /etc/init.d/iptables start
chkconfig iptables on

If everything went well you should still be able to access your server on the ports you have opened, yet any other services running, like VNC, will be blocked. You can test this using open-source tools like Nmap.
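
A complementary check from the host side, as an added example that is not part of the original tutorial: the shell function below audits INPUT rules in "iptables -S" format against the TCP ports you meant to open. The function name, the finding labels and both sample rulesets are constructed for illustration; on a live host you would pipe in the output of "iptables -S INPUT".

```shell
#!/bin/sh
# Added example: audit INPUT rules given in "iptables -S" format on stdin.
# Usage: iptables -S INPUT | audit_input_rules "22 25 80 443"
# Finding labels (hypothetical names chosen for this example):
#   NO_DEFAULT_DENY  policy is not DROP and no catch-all DROP/REJECT rule exists
#   UNEXPECTED       a TCP port is accepted that is not on the allow-list
#   SHADOWED         an ACCEPT rule sits after a catch-all DROP/REJECT (never reached)
#   STATELESS_FLAGS  ACCEPT keyed only on TCP flags, e.g. --tcp-flags ACK ACK
# Exit status is 1 when there is at least one finding, 0 otherwise.
audit_input_rules() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        policy = "UNKNOWN"; denyall = 0; bad = 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; dport = ""; target = ""; flags = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--tcp-flags") flags = 1
            else if ($i == "-j") target = $(i + 1)
        }
        # A rule with no match criteria that drops or rejects ends the chain.
        if ($3 == "-j" && (target == "DROP" || target == "REJECT")) { denyall = 1; next }
        if (target != "ACCEPT") next
        if (denyall) { print "SHADOWED " $0; bad++; next }
        if (flags && dport == "") { print "STATELESS_FLAGS " $0; bad++ }
        if (proto == "tcp" && dport != "" && !(dport in ok)) {
            print "UNEXPECTED tcp/" dport; bad++
        }
    }
    END {
        print "POLICY " policy
        if (policy != "DROP" && !denyall) { print "NO_DEFAULT_DENY"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample 1: some of the tutorial rules, no default deny, plus a
# forgotten VNC port.
SAMPLE_OPEN='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT'

# Constructed sample 2: a rule appended with -A to a chain that already ended
# in a catch-all REJECT, so the new rule is never evaluated.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

printf '%s\n' "$SAMPLE_OPEN" | audit_input_rules "22 25 80 443" || true
printf '%s\n' "$SAMPLE_SHADOWED" | audit_input_rules "22 25 80 443" || true
```

The second sample shows why rules appended with -A should be checked against whatever was already in the chain before you rely on them.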

Tutorial to Setup a Virtual Private Server (VPS).

There are many benefits of VPS hosting versus Shared Hosting. For example, if you host your website off a VPS you will have dedicated resources available for your server. You no longer have the “bad neighbor” effect you can experience with shared hosting.
Additionally, most reliable VPS providers host their VPSs on high-powered dedicated hardware that is highly redundant. So your VPS will be available 99.95% of the time for most decent hosts. Keep in mind a VPS is a server and does require maintenance just like a physical server. That accounts for the .05%. If someone says they guarantee 100% uptime they are not being completely honest. You will need to reboot at some point to install certain security patches or a new kernel. You can get around outages by load balancing but we will save that for another post.
Setting up a Virtual Private Server, aka VPS, is easier than you may think. You can choose any hosting provider you like but for this example we will use a good Xen VPS provider we use called ZoomCloud.net. They specialize in Xen VPS Hosting.
When looking for a good VPS provider we prefer ones that use the Xen Hypervisor vs. other technologies like OpenVZ, KVM etc., mainly because it's harder to oversubscribe the physical resources of the host. This means your resources are for the most part dedicated. If you have a VPS with 4 GB of RAM, that 4 GB will be available to your server no matter what.
OK, so now that you know why it's a good idea to host from a VPS, let's show you how easy it is to set one up.
The first thing you will want to do is browse to zoomcloud.net and choose the model VPS you want. We recommend their Pro or Ultimate VPS models.

For this example we will choose the Pro VPS. After selecting this model we are taken to the configuration page. Here you choose your billing cycle (Monthly/Yearly) and configure the VPS’s hostname and root password. You can also choose to purchase additional options such as additional IP addresses or a license for the cPanel/WHM control panel.
Once you click checkout you will be taken to a screen where you can enter your name and address information, and choose your payment gateway. Make sure you enter an email address you can access, as you will need to reference a mail you get sent in the next step.
When you click submit you will be redirected to PayPal’s (or another payment gateway’s) website to complete your transaction securely. An added plus is that PayPal accepts all major credit cards and keeps your info safe.
After you pay, your VPS will be deployed. This usually takes a couple of minutes to process, but you will get an email.
This email will contain all the information you need to access your VPS, such as IP address, password, support contact information etc.

And there you have it. You're now the proud owner of a new VPS.

Web Management for your VPS, Webmin and cPanel

When it comes to managing a VPS on which you are hosting multiple websites, or other domain services like email and DNS, configuration can become a bit unruly. Administrators need some way of automating all the tasks of setting up new services for new clients. It would cost more in man-hours than you will get in return from your client if you spend hours configuring everything manually. We have personally used two products for automation of web services. Both are good in their own ways, so we will give you a high-level comparison of Webmin and cPanel.

cPanel/WHM

The first is the largest player in the web management space, WHM/cPanel. cPanel has a lot of features built in that will alleviate most of the headache of setting up new hosting accounts. Additionally, cPanel will integrate nicely if you are already using WHMCS for a billing platform. There is a module that will allow you to automate setup of accounts as soon as payment is received. Some integration work is required to get this running smoothly, but once it's up and running, it pretty much runs itself.
The only downside to cPanel is that it's not free. Don’t get me wrong, it's worth the low price they charge for this great product. It will pay for itself in no time.
Installation of cPanel is very straightforward. They have versions for VPSs that are optimized to run in a virtual environment. To install, simply run the following commands:
wget http://httpupdate.cpanel.net/latest

chmod +x latest

./latest

The installer will ask you a few basic questions about the install and will start to build all the required applications. Once the system is installed browse to https://ipaddress:2087/ and follow the instructions to continue. Setup can take a while to complete as it does build some packages from source, so be prepared to wait a while.
That’s all there is to installing cPanel. We can dive into all the features of cPanel but we will save that for another post.

Webmin

The second product we have used is an open-source product called Virtualmin. They also offer a Pro version that has a few additional features that come standard with cPanel. The Pro version is also cheaper than cPanel. Like cPanel, Virtualmin can also be integrated with WHMCS to enable automation of setups based on billing.
Installing Virtualmin is just as simple, and faster than installing cPanel. To install Virtualmin, simply run these commands:
wget http://software.virtualmin.com/gpl/scripts/install.sh

chmod +x install.sh

./install.sh

Once the installation has completed, point your browser to https://ipaddress:10000 and log on as your root user.

The roundup

Both Virtualmin and cPanel are equally impressive. The decision on which one to use is more a matter of philosophy these days. It really boils down to which one you prefer and how much you want to spend. Both cPanel and Virtualmin Pro have their associated costs. Over the long run cPanel may be slightly more expensive, however it is used by a vast majority of major web hosting companies. So if you choose cPanel, when you migrate clients from these major players, the client will have an interface they are already familiar with. Then again, you could use the open-source version of Virtualmin and get 95% of the features cPanel offers, and pay nothing in licensing fees.

Let's compare Shared Hosting, VPS, Dedicated Servers, and Cloud Servers

When it comes to web hosting your choices are vast. This article is a comparison of Shared Hosting, VPS, Dedicated Servers, and Cloud Servers. We will discuss the benefits and shortcomings of each technology. The choices can be rather daunting, and there are a lot of “buzz words” that get thrown around in this technology space. Many web hosting companies exist on the internet and they are not all the same. No matter what web hosting technology fits your needs, make sure you go with a reputable hosting company. Don’t rule out the smaller hosting providers. A lot of these smaller web hosting companies offer superior service when it comes to supporting you and your hosting infrastructure. If you have seen a commercial for a hosting company on TV, and you sign up with them, you're likely to become just another number. So when looking for a Web Hosting Provider think “reputable” rather than large or small. Your local Better Business Bureau is a good place to start your search.

Shared Web Hosting

Shared Web Hosting is probably the most affordable of all hosting technologies. Just keep in mind you get what you pay for! If you are looking to host a small website or blog, shared hosting is probably best for you. Many hosting companies have plans starting from as little as $4.99/mo.
The reason Shared Web Hosting is so cheap is that your website is being hosted on a shared web server with many other websites. So the cost to support the server is split among many clients by the hosting provider.
Many Web Hosting Companies offer clients a Web Based Control Panel, like cPanel or Plesk. This allows for easy management of your web hosting space.
The problems with Shared Web Hosting come when your site grows to be too large and intensive. Additionally, your website could be slowed down by one of the 100+ other sites on the server you're being hosted from. This is called the “Bad Neighbor Effect”. Another shortfall is email. Likely each domain being hosted on the server also offers email for that domain. All the emails, no matter who sends them, originate from that IP address. If you have someone else sending spam from the server, your email may get blocked as well.
If you're looking for Shared Web Hosting, make sure you find a reputable Hosting Company that takes steps to prevent the shortcomings listed above.


VPS Hosting – Virtual Private Servers

Virtual Private Servers (VPS) or Virtual Dedicated Servers are a great hosting technology. They offer you a semi-dedicated environment with full access. There are several different flavors of VPS’s, that we covered in a previous post. We ranked Xen VPS Hosting superior to the other technologies in that post for two simple reasons. Your resources are dedicated, and Xen Virtualization is a proven standard.
Xen VPS Hosting offers performance and freedom close to those of a dedicated server. The client has full root access to their VPS and can install any packages they require. Additionally, if you choose a Xen VPS Server, your resources are guaranteed to be there just like in a real dedicated environment.
One downside to VPS hosting is again scale. VPS hosting is very affordable for midsize websites, but once you need to scale a VPS to accommodate a larger website, it is often more economical to host from a dedicated server.

Dedicated Servers

Dedicated Servers are the Best technology to host from if you have a large demanding site, or want to host many websites from one place. This is the real deal. You have a server in a Data Center and are the sole user of that server. Dedicated Server Hosting Companies often offer management plans for the servers too so you don’t need to worry about maintenance.
It’s hard to come up with a downside to Dedicated hosting. I would have to say the only downside is price. Dedicated Hosting is far more expensive than VPS or Shared Web Hosting. But again, you get what you pay for!

Cloud Servers

Cloud Servers or Cloud Computing is the relative newcomer in the Web Hosting space. To quote Wikipedia “Cloud computing is a jargon term without a commonly accepted non-ambiguous scientific or technical definition. In science, cloud computing is a synonym for distributed computing over a network and means the ability to run a program on many connected computers at the same time.”
That's a lot to wrap your head around! There are a lot of companies offering “cloud” this or that. But they are really just using “cloud” as a buzz word for virtualization. A Cloud Server is just a VPS after all, just running on the cloud's infrastructure. There is a lot more to cloud than that though.
Cloud computing has its benefits when it comes to running massively scaled applications across a huge infrastructure of systems. Think Amazon, Facebook, Ebay, and Google when you think cloud. They are huge players in this space.
OpenStack is an open-source cloud platform funded by RackSpace and NASA. Built by a collaborative team of individuals worldwide, it is quickly becoming the standard for companies looking to build their own clouds or offer services via a public cloud. If you are looking to build your own cloud you should definitely take a look at this project.
The downside to Cloud Computing is security. You are storing your data in a cloud with the data of potentially thousands of other customers of the cloud provider. You do not control the whole cloud, and although fairly stable, there have been cloud outages so no hosting technology is 100% uptime.

Conclusion

Shared Web Hosting offers an affordable solution to many people looking to host a simple website. Xen VPS Hosting is great for mid-sized websites that need more control over the system and performance close to a dedicated server. Dedicated Server Hosting is the best-in-class hosting product you can get, and offers superior performance at a cost. Cloud Servers are a buzz word for a VPS, but Cloud Computing is great for running massively scaled computational operations across a vast array of servers if you are a large company.

Sunday, August 25, 2013

Securing SSH Using Key Based Authentication

Securing SSH Access to your VPS is imperative these days. Within minutes of your VPS being live on the internet, ‘bad actors’ will attempt to gain access. Having a good IPTables firewall in place is an important step, but you still need to secure the services you leave open through that firewall.

In a previous tutorial we covered the various ways you can access your VPS. We covered a lot of Do’s and Don’ts, but in this tutorial we will take it one step further by showing you how to secure SSH and implement key based authentication.
 

Securing SSH

The first step is Securing SSH by changing a few default settings in /etc/ssh/sshd_config.

First you need to disable root logon via SSH. Leaving root access open will leave an avenue open for ‘bad actors’ to attempt to brute force your root password. Disabling root access is simple. Simply uncomment the following line in /etc/ssh/sshd_config and change the option to no.


PermitRootLogin no

Setup SSH Key Based Authentication

The next step is setting up SSH key based authentication. By default, at least in CentOS, key based authentication is enabled. You just need to generate your SSH key if you do not already have one. In this example we will use two CentOS systems running OpenSSH. We will call one “Server” and one “Workstation”. Key based authentication will be set up so user “bob” can access his “Server” from his “Workstation”.

On the “workstation” system, generate your SSH keys as user “bob”.
 
[bob@workstation ssh]$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bob/.ssh/id_rsa):
Created directory '/home/bob/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bob/.ssh/id_rsa.
Your public key has been saved in /home/bob/.ssh/id_rsa.pub.
The key fingerprint is:
df:24:26:75:c2:fc:6a:ff:8a:e1:00:6e:87:35:44:5f bob@workstation.zoomcloud.net
The key's randomart image is:
+--[ RSA 2048]----+
| . E |
| . + . |
| . * . |
| . . + |
| . S o o |
| . + = = |
| + o = . |
| . . + + |
| o oo. |
+-----------------+
[bob@workstation ssh]$
This generated a 2048 bit key pair in bob’s home directory under .ssh/ called /home/bob/.ssh/id_rsa and /home/bob/.ssh/id_rsa.pub respectively.

The .pub file is your public key. You will place this in the “authorized_keys” file on the server. The file called id_rsa is your PRIVATE KEY! Do not, repeat DO NOT, give this key to anyone. Just as you would not give out your password, you should not give anyone access to this key. You do however need to have this private key in your .ssh directory if you want SSH to use it. So if you have multiple workstations you will need to copy your private key to the workstations you will use it from.

So the next step is to add your PUBLIC key to your account’s “authorized_keys” file on the Server. To do this, first “cat” the public key and copy the data to your clipboard. Next SSH to the server and logon with your password. If the .ssh directory does not exist on the server run “ssh-keygen” there and it will create the directory there. Then paste your PUBLIC key data into “authorized_keys” like this:
[bob@workstation .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0j3Fj19q+APXXr53OyyIB2hPdpjVwMtiZAWkQpeSMF16hyMDmKKRwRApSVLVIb9uVAKpm8ymyR/YP4PIHxldSAEZawVr9l4n9lUpVeiTIwS5jeT0zuE1rbNwrDs7WLO7ReWjRhivc3tuxSVTPOnzI6VuN9BtPabkPJHCvZR3Uln6rqAFtfRspsWaA3Pwl7+qUgYDUq5/ddqWbhllk3Ex9FPm7F8Lj6bLUsNHlFv0iRaywcBt38+a/z8UjCQh13iuaQsBfFwQ5bQTaTzyxH3sL1ePk5HPcLrAgxsTh2S7O5kd09ecHjVJN0WTbJucjcyxaSNbUKFiEqc3t2JjjDJgHQ== bob@workstation.zoomcloud.net

[bob@www .ssh]$

{COPY key data starting with "ssh-rsa" through "workstation"}
[bob@workstation ssh]$ ssh bob@server
bob@server's password:
bob@server [~]#

bob@server [~]# ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bob/.ssh/id_rsa):
Created directory '/home/bob/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bob/.ssh/id_rsa.
Your public key has been saved in /home/bob/.ssh/id_rsa.pub.
The key fingerprint is:
26:6f:50:2d:36:d0:d5:04:6c:71:77:0d:e3:67:b2:6b bob@server.zoomcloud.net
The key's randomart image is:
+--[ RSA 2048]----+
| .. o+=o +.o|
| ...o..o o.|
| =.. o o|
| o o = |
| o S . |
| = . |
| o E |
| . . |
| |
+-----------------+

bob@server [~]# cd .ssh/
bob@server [~/.ssh]# ls
./ ../ id_rsa id_rsa.pub
bob@server [~/.ssh]# vi authorized_keys

{PASTE KEY DATA on a new line, SAVE, and EXIT}
Next you need to set the proper permissions on the authorized keys file. Set it to be readable and writeable by only you.

bob@server [~/.ssh]# chmod 600 authorized_keys
bob@server [~/.ssh]# ls -ltrh
total 20K
-rw-r--r-- 1 bob bob 407 Aug 11 13:09 id_rsa.pub
-rw------- 1 bob bob 1.7K Aug 11 13:09 id_rsa
drwx------ 6 bob bob 4.0K Aug 11 13:11 ../
-rw------- 1 bob bob 403 Aug 11 13:15 authorized_keys
drwx------ 2 bob bob 4.0K Aug 11 13:15 ./
bob@server [~/.ssh]#

SSH key based authentication is now set up between Bob’s “Workstation” and “Server”. Disconnect your SSH session and reconnect. Now you will no longer be prompted for your password.

[bob@workstation .ssh]$ ssh bob@server
Last login: Sun Aug 11 13:14:43 2013 from 199.231.190.21
bob@server [~]#

Also since we disabled direct root access over SSH you need to be able to still get root access. Luckily Bob was previously added to the group “wheel” in /etc/group by another Administrator. Since that is done, Bob can simply ‘su’ to access the root user and do what he needs to do as an Administrator.

bob@server [~]# su
Password:
root@server [/home/bob]#
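
The two server-side steps above (the PermitRootLogin setting and the authorized_keys file), as an added shell example that is not part of the original tutorial. The function names install_pubkey and root_login_setting, the scratch directory and the key string are constructed for illustration; the demo never touches a real ~/.ssh or /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: helper names and sample files are constructed for illustration.

# install_pubkey PUBKEY_FILE HOME_DIR
# Append one public key to HOME_DIR/.ssh/authorized_keys with the permissions
# the tutorial sets by hand (700 on .ssh, 600 on authorized_keys).
install_pubkey() {
    ik_pub=$1
    ik_dir=$2/.ssh
    ik_auth=$ik_dir/authorized_keys
    # A public key is exactly one line: "<type> <base64> [comment]".
    # A private key (id_rsa) is multi-line PEM and is refused here.
    if [ "$(grep -c '' "$ik_pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' "$ik_pub"
    then
        echo "refusing: $ik_pub is not a single-line public key" >&2
        return 1
    fi
    mkdir -p "$ik_dir" && chmod 700 "$ik_dir" || return 1
    touch "$ik_auth" && chmod 600 "$ik_auth" || return 1
    ik_key=$(cat "$ik_pub")
    # Idempotent: add the key only if that exact line is not already present.
    grep -qxF -e "$ik_key" "$ik_auth" || printf '%s\n' "$ik_key" >> "$ik_auth"
}

# root_login_setting SSHD_CONFIG
# Print the global PermitRootLogin value sshd would use: the first uncommented
# occurrence before any Match block, or "unset" when only the default applies.
# A line that is still commented out ("#PermitRootLogin no") does not count.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Demo in a scratch directory; nothing under the real $HOME is touched.
demo=$(mktemp -d)
# Constructed placeholder key material, not a usable key.
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED bob@workstation' > "$demo/id_rsa.pub"
printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$demo/sshd_before"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication yes' > "$demo/sshd_after"

install_pubkey "$demo/id_rsa.pub" "$demo/home/bob"
install_pubkey "$demo/id_rsa.pub" "$demo/home/bob"   # second call adds nothing
echo "authorized_keys lines: $(grep -c '' "$demo/home/bob/.ssh/authorized_keys")"
echo "before edit: $(root_login_setting "$demo/sshd_before")"
echo "after edit:  $(root_login_setting "$demo/sshd_after")"
rm -rf "$demo"
```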

That's all there is to it. Now you can securely access your VPS over SSH with key based authentication.

Apache Virtual Hosts Configuration on VPS

One great benefit of VPS hosting is being able to easily host multiple websites off the same server. Owning a VPS offers much more than just web hosting but in this tutorial we will show you how to setup virtual hosts with Apache.

Apache HTTP Server is probably one of the most influential pieces of open-source software that led to the explosive growth of the World Wide Web. Still going strong, it is the leading web server used across the internet today. Apache HTTP Server runs on many operating systems such as Unix, Linux, BSD, Windows, OSX, and Solaris, among others.

Apache HTTP Server is developed by the Apache Software Foundation, and has a strong community of  developers supporting the project.

Apache Virtual Hosts Configuration

Setting up virtual hosts is straightforward. In your HTTP configuration file add the following lines. Modify the settings for your environment. If you have any questions, leave a comment and we will get back to you.

Shared IP with Multiple Virtual Hosts
   
# accept virtual host requests on all IP's
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /www/domain1
ServerName www.domain1.com

</VirtualHost>

<VirtualHost *:80>
DocumentRoot /www/domain2
ServerName www.domain2.net

</VirtualHost>

Virtual Hosts with dedicated IP addresses
   
Listen 80

# This is the server running on your main IP.
ServerName server.maindomain.com
DocumentRoot /www/maindomain

# Virtual Servers will use other IP address
NameVirtualHost 123.231.199.50

<VirtualHost 123.231.199.50>
DocumentRoot /www/domain1
ServerName www.domain.com

</VirtualHost>

<VirtualHost 123.231.199.50>
DocumentRoot /www/domain2
ServerName www.domain2.net

</VirtualHost>

Combination Name Based and IP Based Apache Virtual Hosts
   
Listen 80

NameVirtualHost 123.231.199.50

<VirtualHost 123.231.199.50>
DocumentRoot /www/domain1
ServerName www.domain.com
</VirtualHost>

<VirtualHost 123.231.199.50>
DocumentRoot /www/domain2
ServerName www.domain2.org
</VirtualHost>

<VirtualHost 123.231.199.50>
DocumentRoot /www/domain3
ServerName www.domain3.com
</VirtualHost>

## - IP Based Hosted Domains
<VirtualHost 123.231.199.51>
DocumentRoot /www/domain4
ServerName www.domain4.info
</VirtualHost>

<VirtualHost 123.231.199.51>
DocumentRoot /www/domain5
ServerName www.domain5.me
</VirtualHost>

Happy Hosting!